Manage which USB storage devices are allowed on your endpoints. Real-time policy enforcement, instant visibility, zero complexity.
Block or allow USB storage devices instantly via MQTT push. No waiting for GPO sync or reboots — policies apply in seconds.
Only see devices that are physically connected right now. No phantom devices, no historical clutter, no false positives.
Enable enforcement company-wide or on individual machines. Perfect for phased rollouts and testing.
Agents auto-discover USB storage devices and report them to your console. No manual inventory needed.
Toggle enforcement off and all devices are automatically re-enabled. No machines get stuck in a blocked state.
Under 4MB Windows service. No PowerShell dependency, no shell execution capability. USB control only — nothing else.
BitLocker encryption enforcement. See which machines are encrypted, set compliance policies, and get alerts for non-compliant endpoints. $3/dev/mo add-on. Learn more →
Windows update compliance monitoring. Track patch status across your fleet, set update deadlines, and get alerts when machines fall behind. $2/dev/mo add-on. Learn more →
Hardware and software inventory for your entire fleet. Track installed apps, hardware specs, and changes over time. Export to CSV. $2/dev/mo add-on. Learn more →
Application whitelist and blacklist enforcement. Control which apps can run on managed devices with AppLocker/WDAC policies. $5/dev/mo add-on. Learn more →
Printer access control. Inventory all printers across your fleet, enforce allow/deny policies per device, and prevent unauthorized printing. $2/dev/mo add-on. Learn more →
Wireless network restrictions. Whitelist approved SSIDs, block rogue networks, and get alerts when devices connect to unauthorized WiFi. $3/dev/mo add-on. Learn more →
Local admin password rotation (LAPS alternative). Automatically rotate passwords on schedule with encrypted storage and full audit trail. $5/dev/mo add-on. Learn more →
Screen lock policy enforcement. Ensure screensaver timeouts and lock policies are configured correctly across all endpoints. $2/dev/mo add-on. Learn more →
Free for up to 5 devices. No credit card required. Paid plans from $2/device/month. 10% discount on annual billing.
Get all 8 Guard Suite tools (PortGuard + DriveGuard + PatchGuard + AssetGuard + AppGuard + PrintGuard + WiFiGuard + CredGuard + ScreenGuard) at 40%+ savings vs. buying individually.
See Bundle DetailsPortGuard installs a lightweight Windows service (under 4MB) on each endpoint. The agent connects to our cloud over MQTT and enforces block/allow policies by interacting with the Windows device management layer. When you change a policy in the web console, the agent receives the update in seconds and applies it immediately — no reboot required.
No. PortGuard targets USB storage class devices only (flash drives, external hard drives, memory card readers). HID devices like keyboards, mice, and headsets are completely unaffected. Your users will never notice anything except that unauthorized flash drives no longer mount.
The last-known policy continues to be enforced locally. If enforcement was enabled and the device goes offline, USB storage remains blocked until connectivity is restored and the agent re-syncs. This "fail-closed" behavior is intentional — it prevents users from unplugging the network cable to bypass controls.
Yes. PortGuard supports per-device allowlisting by hardware ID (VID/PID) or serial number. You can allow a specific company-issued flash drive across all endpoints while blocking every other storage device — all managed from the web console without touching Group Policy or registry keys.
Group Policy USB controls are slow (up to 90-minute sync cycles), all-or-nothing at the OU level, and have no real-time visibility. PortGuard gives you per-machine toggle control, live device inventory showing what is physically plugged in right now, instant policy changes via the cloud, and a full audit trail — all without touching Active Directory or requiring domain membership.